The most likely consumer security threats this holiday shopping season include return and refund fraud, retail and bank account takeover, website outages and point-of-sale breaches, according to Booz Allen’s Cyber4Sight 2017 Peak Retail Season Special Report.
Of those threats, point-of-sale breaches and website outages are considered the most threatening to retail in terms of their potential severity, the report stated.
Phone call returns, instead of in-store or online returns, will likely be the most popular method for executing return and refund fraud schemes in the 2017 peak retail season, according to the report. This approach is popular among criminals because refund and return fraud is much easier to carry out over the phone than in-store or online.
Despite efforts to rid retail of these threats, criminals continue to evolve.
This holiday season, retailers will see a continuation of the tactics, techniques and procedures employed by cybercriminals in previous years, with varying degrees of intensity and some innovations, according to the report. The attacks affecting retail are likely to be familiar ones, with criminals seeking out paths of least resistance.
In addition to refund fraud carried out by phone, other ways to commit the crime include using compromised retail accounts, using fraudulent refund services and citing disasters such as hurricanes in claims that packages weren’t delivered when they actually were.
The attack tools used this holiday season might also seem familiar: worms, a long-time threat, remain one in 2017, the report noted. "A wormable exploit release into the network of a retailer could be massively problematic during non-peak season, but the impact during peak season could be catastrophic," the report stated.
Retailers and their security partners actually have done a decent job against worms. For example, EternalBlue, which is currently the most popular worm exploit, almost certainly has been patched out of the networks of most sophisticated retailers.
Meanwhile, security measures like EMV and point-to-point encryption may be gradually reducing the likelihood that POS malware can do maximum damage, but the threat still remains. Cyber4Sight research into breaches at Arby's, Chipotle, Whole Foods and Sonic identified compromised payment card data for sale on Joker’s Stash, one of the most popular and frequently restocked underground marketplaces, according to the report, which noted, "In many cases, the time span between POS compromise and data exfiltration may be weeks or months in length, suggesting that retailers anticipating potential attacks during peak retail season should expect initial stages of POS malware infections to occur in advance of the busy retail period."